Facebook's code leak raises fears of fraud

SECURITY LEAK The company has downplayed concerns, but experts say networkers face a growing danger of identity theft after the code for the popular site was published

THE GUARDIAN , LONDON

Experts are warning Internet users to be more careful with their private information after a secret code from the social-networking site Facebook was published on the Internet.

This is the first time that some of the site's secret operational code has been made public. Although it does not allow hackers to access private information directly, it could help criminals close in on personal data, according to one expert.

"This leak is not good news for Facebook, as it raises the question of how secure a user's private data really is. Facebook has become such a success and has such a high profile that it has become a magnet for attacks against its systems," said Nik Cubrilovic of Techcrunch.com.

The Facebook craze has been sweeping the world, and the site now has more than 30 million users, including 3.5 million in Britain. New users registering for a profile on the site usually publish their date of birth and hometown for anybody to see, and in many cases let approved friends see more personal details such as their home address and telephone number. Though this information is semi-private, criminals who become "friends" with other users have the potential to find out much more information about them.

The company blamed the leaked code on a "bug" that meant that it was published accidentally, and said users should not be concerned.

"It was not a security breach and did not compromise user data in any way," Facebook spokeswoman Brandee Barker said.

Facebook has been the center of controversy in recent weeks. A US court is in the process of hearing claims that the Web site's founder, Mark Zuckerberg, stole the idea for the site and advertisers including Vodafone and the AA pulled their money from the site after discovering that their ads were being shown on pages run by the British National Party.

The leak comes hot on the heels of warnings that social-networking sites are honey pots for identity thieves. Last month the credit information group Equifax warned people against putting too much personal information on social-networking Web sites.

"More and more consumers are signing up to these sites every day and chances are they'll put on their date of birth, location, email, job and marital status. Fraudsters can use this information to steal an individual's identity and open accounts in their name," said Neil Munroe, external affairs director at Equifax.

Figures released recently by CIFAS, the UK's fraud prevention service, show that a record number of frauds were committed in the first six months of this year, including an estimated 40,000 identity thefts. And according to the payments industry association Apacs, online banking fraud increased by 44 percent last year. CIFAS called the numbers "worryingly high" and pegged the cost of ID fraud in Britain at about ?1.5 billion (US$3 billion) a year.

The British government's approach to Internet crime came under the spotlight last week after a parliamentary report accused it of an "outdated" and "inefficient" approach. The House of Lords science and technology select committee suggested that public- and private-sector services needed better ways to deal with the rise of online fraud and hacking, and recommended the formation of a new national police squad charged with reducing online crime.